[Xen-devel] [PATCH 2/2] x86: explicitly disallow guest access to PPIN

[Jan Beulich <jbeulich@xxxxxxxx>]

To fulfill the "protected" in its name, don't let the real hardware
values "shine through". Report a control register value expressing this.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
---
TBD: Do we want to permit Dom0 access?

--- a/xen/arch/x86/msr.c
+++ b/xen/arch/x86/msr.c
@@ -135,6 +135,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t
     case MSR_TSX_FORCE_ABORT:
     case MSR_AMD64_LWP_CFG:
     case MSR_AMD64_LWP_CBADDR:
+    case MSR_PPIN:
+    case MSR_AMD_PPIN:
         /* Not offered to guests. */
         goto gp_fault;
 
@@ -237,6 +239,18 @@ int guest_rdmsr(struct vcpu *v, uint32_t
                                    ARRAY_SIZE(msrs->dr_mask))];
         break;
 
+    case MSR_PPIN_CTL:
+        if ( d->arch.cpuid->x86_vendor != X86_VENDOR_INTEL )
+            goto gp_fault;
+        *val = PPIN_LOCKOUT;
+        break;
+
+    case MSR_AMD_PPIN_CTL:
+        if ( !cp->extd.amd_ppin )
+            goto gp_fault;
+        *val = PPIN_LOCKOUT;
+        break;
+
         /*
          * TODO: Implement when we have better topology representation.
     case MSR_INTEL_CORE_THREAD_COUNT:
@@ -273,10 +287,14 @@ int guest_wrmsr(struct vcpu *v, uint32_t
     case MSR_INTEL_CORE_THREAD_COUNT:
     case MSR_INTEL_PLATFORM_INFO:
     case MSR_ARCH_CAPABILITIES:
+    case MSR_PPIN:
+    case MSR_AMD_PPIN:
         /* Read-only */
     case MSR_TSX_FORCE_ABORT:
     case MSR_AMD64_LWP_CFG:
     case MSR_AMD64_LWP_CBADDR:
+    case MSR_PPIN_CTL:
+    case MSR_AMD_PPIN_CTL:
         /* Not offered to guests. */
         goto gp_fault;
 


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel